[gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/

["Sam James" <sam@gentoo.org>]

commit:     2b070cd4a9b495cee874b94964391472fc795aaf
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jan  5 06:09:51 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jan  5 06:10:06 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b070cd4

net-misc/curl: drop 8.3.0-r2

Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/Manifest                             |   2 -
 net-misc/curl/curl-8.3.0-r2.ebuild                 | 363 ---------------------
 .../curl/files/curl-8.3.0-CVE-2023-38545.patch     | 136 --------
 .../curl/files/curl-8.3.0-CVE-2023-38546.patch     | 131 --------
 .../curl/files/curl-8.3.0-tests-arm-musl.patch     | 115 -------
 5 files changed, 747 deletions(-)

diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index cf734b415f1c..7a6c28ff0f54 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,5 +1,3 @@
-DIST curl-8.3.0.tar.xz 2641764 BLAKE2B 6875b20e27ed86f9b6ab256210d85e9fb3b39645e8be710b2e6fe29fba40220f870e06bc21e8a92244670fed0a08c7716e4806a267ede49c4ed6d66e03f5fcd4 SHA512 6404b4c74fe1185cb482631ca3a143996cb7298d0d8a76bfafd7696e7729c00559999a069bdba782dee3f3eb273fb678a4438cb27d3deca54022878cdff83a51
-DIST curl-8.3.0.tar.xz.asc 488 BLAKE2B ef5a749e579710d45db9f73da0cbcb58d77a9dfe73be622536496997fa792fe5cbd0331a31f01e21cbdb36c6384dca44baa647c9f3d20effabb5bfc275b1b491 SHA512 b7d45722640ac50181b20a6d663168ec6eec6691c5604ddfe9c7177f07da598cb2de688c631043dc428c311774d781ccd16bd1e2fb4f038be651e3bee383aec4
 DIST curl-8.4.0.tar.xz 2658376 BLAKE2B ea5ebecc3c1aeac3ae8fd0cf7d8ff3298149b9c4c556fb85ed8d9310e3613228eb6fca133b0dfb9268988f93d694779fab8d53510cfa5710c1320bb6638f05eb SHA512 7027dbf3b759b39d6ec9c4da58fadd254e84bb93bff599541b3bc3135bad4c2955c6237d7ddd60973f9f1a6948bc32d7e312985fb50658bc958b9f22fee74f2b
 DIST curl-8.4.0.tar.xz.asc 488 BLAKE2B 0fd4ea46a0942b9bc440e91e8f9323bba6d0eb02fbc87c227004c90e5be14cc644446bc235ab67f857b617975cdeada6ce38a647da9e0bd783e57d58f354cdb4 SHA512 b8b7a5b76be816e7b1552354f267f335fdc608cdadbd2c40ab44faf6450c6bbd2853b6de5c2746a1292aad33a8ee1c367380d32bb1a8282540b38c3b985a320e
 DIST curl-8.5.0.tar.xz 2658520 BLAKE2B cfd591f9703b9c63712dbe74494b05a80ce5a4fc4f8fc0fbf57058578eed5f33d71277f688d5d9f409bcd82e3a4cacaa5615a44f2a7c554559c6be7dd5188893 SHA512 acffa2cf61d9b8e4188575a1b40227da8d722df2e5fe8bb82a222b4eb2fd64bf8aebd90852ce050c79fb5e517d5cee2546bf7de92ede1dd394263e231cb741a3

diff --git a/net-misc/curl/curl-8.3.0-r2.ebuild b/net-misc/curl/curl-8.3.0-r2.ebuild
deleted file mode 100644
index 350d4acf5b7c..000000000000
--- a/net-misc/curl/curl-8.3.0-r2.ebuild
+++ /dev/null
@@ -1,363 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
-inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.se/"
-
-if [[ ${PV} == 9999 ]]; then
-	inherit git-r3
-	EGIT_REPO_URI="https://github.com/curl/curl.git"
-else
-	SRC_URI="
-		https://curl.se/download/${P}.tar.xz
-		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
-	"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-LICENSE="BSD curl ISC test? ( BSD-4 )"
-SLOT="0"
-IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
-# These select the default SSL implementation
-IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
-IUSE+=" nghttp3"
-RESTRICT="!test? ( test )"
-
-# Only one default ssl provider can be enabled
-# The default ssl provider needs its USE satisfied
-# nghttp3 = https://bugs.gentoo.org/912029
-REQUIRED_USE="
-	ssl? (
-		^^ (
-			curl_ssl_gnutls
-			curl_ssl_mbedtls
-			curl_ssl_openssl
-			curl_ssl_rustls
-		)
-	)
-	curl_ssl_gnutls? ( gnutls )
-	curl_ssl_mbedtls? ( mbedtls )
-	curl_ssl_openssl? ( openssl )
-	curl_ssl_rustls? ( rustls )
-	nghttp3? ( !openssl )
-"
-
-# cURL's docs and CI/CD are great resources for confirming supported versions
-# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
-# - https://github.com/curl/curl/blob/master/docs/HTTP3.md
-# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml
-# However 'supported' vs 'works' are two entirely different things; be sane but
-# don't be afraid to require a later version.
-
-RDEPEND="
-	sys-libs/zlib[${MULTILIB_USEDEP}]
-	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
-	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
-	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
-	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
-	ldap? ( net-nds/openldap:=[static-libs?,${MULTILIB_USEDEP}] )
-	nghttp3? (
-		>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
-		>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
-	)
-	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
-	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
-	ssl? (
-		gnutls? (
-			app-misc/ca-certificates
-			net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}]
-			dev-libs/nettle:=[${MULTILIB_USEDEP}]
-		)
-		mbedtls? (
-			app-misc/ca-certificates
-			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
-		)
-		openssl? (
-			dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
-		)
-		rustls? (
-			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
-		)
-	)
-	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
-	dev-lang/perl
-	virtual/pkgconfig
-	test? (
-		sys-apps/diffutils
-		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
-		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
-	)
-	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
-"
-
-DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/curl-config
-)
-
-QA_CONFIG_IMPL_DECL_SKIP=(
-	__builtin_available
-	closesocket
-	CloseSocket
-	getpass_r
-	ioctlsocket
-	IoctlSocket
-	mach_absolute_time
-	setmode
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-prefix.patch
-	"${FILESDIR}"/${PN}-respect-cflags-3.patch
-	"${FILESDIR}"/${P}-tests-arm-musl.patch
-	"${FILESDIR}"/${P}-CVE-2023-38545.patch
-	"${FILESDIR}"/${P}-CVE-2023-38546.patch
-)
-
-src_prepare() {
-	default
-
-	eprefixify curl-config.in
-	eautoreconf
-}
-
-multilib_src_configure() {
-	# We make use of the fact that later flags override earlier ones
-	# So start with all ssl providers off until proven otherwise
-	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
-	local myconf=()
-
-	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
-	if use ssl; then
-		myconf+=( --without-gnutls --without-mbedtls --without-rustls )
-
-		if use gnutls; then
-			multilib_is_native_abi && einfo "SSL provided by gnutls"
-			myconf+=( --with-gnutls )
-		fi
-		if use mbedtls; then
-			multilib_is_native_abi && einfo "SSL provided by mbedtls"
-			myconf+=( --with-mbedtls )
-		fi
-		if use openssl; then
-			multilib_is_native_abi && einfo "SSL provided by openssl"
-			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
-		fi
-		if use rustls; then
-			multilib_is_native_abi && einfo "SSL provided by rustls"
-			myconf+=( --with-rustls )
-		fi
-		if use curl_ssl_gnutls; then
-			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
-			myconf+=( --with-default-ssl-backend=gnutls )
-		elif use curl_ssl_mbedtls; then
-			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
-			myconf+=( --with-default-ssl-backend=mbedtls )
-		elif use curl_ssl_openssl; then
-			multilib_is_native_abi && einfo "Default SSL provided by openssl"
-			myconf+=( --with-default-ssl-backend=openssl )
-		elif use curl_ssl_rustls; then
-			multilib_is_native_abi && einfo "Default SSL provided by rustls"
-			myconf+=( --with-default-ssl-backend=rustls )
-		else
-			eerror "We can't be here because of REQUIRED_USE."
-			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
-		fi
-
-	else
-		myconf+=( --without-ssl )
-		einfo "SSL disabled"
-	fi
-
-	# These configuration options are organized alphabetically
-	# within each category.  This should make it easier if we
-	# ever decide to make any of them contingent on USE flags:
-	# 1) protocols first.  To see them all do
-	# 'grep SUPPORT_PROTOCOLS configure.ac'
-	# 2) --enable/disable options second.
-	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
-	# 3) --with/without options third.
-	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
-	myconf+=(
-		$(use_enable alt-svc)
-		--enable-basic-auth
-		--enable-bearer-auth
-		--enable-digest-auth
-		--enable-kerberos-auth
-		--enable-negotiate-auth
-		--enable-aws
-		--enable-dict
-		--disable-ech
-		--enable-file
-		$(use_enable ftp)
-		$(use_enable gopher)
-		$(use_enable hsts)
-		--enable-http
-		$(use_enable imap)
-		$(use_enable ldap)
-		$(use_enable ldap ldaps)
-		--enable-ntlm
-		--disable-ntlm-wb
-		$(use_enable pop3)
-		--enable-rt
-		--enable-rtsp
-		$(use_enable samba smb)
-		$(use_with ssh libssh2)
-		$(use_enable smtp)
-		$(use_enable telnet)
-		$(use_enable tftp)
-		--enable-tls-srp
-		$(use_enable adns ares)
-		--enable-cookies
-		--enable-dateparse
-		--enable-dnsshuffle
-		--enable-doh
-		--enable-symbol-hiding
-		--enable-http-auth
-		--enable-ipv6
-		--enable-largefile
-		--enable-manual
-		--enable-mime
-		--enable-netrc
-		$(use_enable progress-meter)
-		--enable-proxy
-		--enable-socketpair
-		--disable-sspi
-		$(use_enable static-libs static)
-		--enable-pthreads
-		--enable-threaded-resolver
-		--disable-versioned-symbols
-		--without-amissl
-		--without-bearssl
-		$(use_with brotli)
-		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
-		$(use_with http2 nghttp2)
-		--without-hyper
-		$(use_with idn libidn2)
-		$(use_with kerberos gssapi "${EPREFIX}"/usr)
-		--without-libgsasl
-		--without-libpsl
-		--without-msh3
-		$(use_with nghttp3)
-		$(use_with nghttp3 ngtcp2)
-		--without-quiche
-		$(use_with rtmp librtmp)
-		--without-schannel
-		--without-secure-transport
-		--without-test-caddy
-		--without-test-httpd
-		--without-test-nghttpx
-		$(use_enable websockets)
-		--without-winidn
-		--without-wolfssl
-		--with-zlib
-		$(use_with zstd)
-		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
-	)
-
-	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
-		myconf+=(
-			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
-		)
-	fi
-
-	if [[ ${CHOST} == *mingw* ]] ; then
-		myconf+=(
-			--disable-pthreads
-		)
-	fi
-
-	ECONF_SOURCE="${S}" econf "${myconf[@]}"
-
-	if ! multilib_is_native_abi; then
-		# Avoid building the client (we just want libcurl for multilib)
-		sed -i -e '/SUBDIRS/s:src::' Makefile || die
-		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
-	fi
-
-	# Fix up the pkg-config file to be more robust.
-	# https://github.com/curl/curl/issues/864
-	local priv=() libs=()
-	# We always enable zlib.
-	libs+=( "-lz" )
-	priv+=( "zlib" )
-	if use http2; then
-		libs+=( "-lnghttp2" )
-		priv+=( "libnghttp2" )
-	fi
-	if use nghttp3; then
-		libs+=( "-lnghttp3" "-lngtcp2" )
-		priv+=( "libnghttp3" "libngtcp2" )
-	fi
-	if use ssl && use curl_ssl_openssl; then
-		libs+=( "-lssl" "-lcrypto" )
-		priv+=( "openssl" )
-	fi
-	grep -q Requires.private libcurl.pc && die "need to update ebuild"
-	libs=$(printf '|%s' "${libs[@]}")
-	sed -i -r \
-		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
-		libcurl.pc || die
-	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
-}
-
-multilib_src_compile() {
-	default
-
-	if multilib_is_native_abi; then
-		# Shell completions
-		! tc-is-cross-compiler && emake -C scripts
-	fi
-}
-
-# There is also a pytest harness that tests for bugs in some very specific
-# situations; we can rely on upstream for this rather than adding additional test deps.
-multilib_src_test() {
-	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
-	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
-	# -v: verbose
-	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
-	# -k: keep test files after completion
-	# -am: automake style TAP output
-	# -p: print logs if test fails
-	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
-	# or just read https://github.com/curl/curl/tree/master/tests#run.
-	# Note: we don't run the testsuite for cross-compilation.
-	# Upstream recommend 7*nproc as a starting point for parallel tests, but
-	# this ends up breaking when nproc is huge (like -j80).
-	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
-	# as most gentoo users don't have an 'ip6-localhost'
-	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install
-
-	if multilib_is_native_abi; then
-		# Shell completions
-		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
-	fi
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete || die
-	rm -rf "${ED}"/etc/ || die
-}

diff --git a/net-misc/curl/files/curl-8.3.0-CVE-2023-38545.patch b/net-misc/curl/files/curl-8.3.0-CVE-2023-38545.patch
deleted file mode 100644
index 04603a8c01dc..000000000000
--- a/net-misc/curl/files/curl-8.3.0-CVE-2023-38545.patch
+++ /dev/null
@@ -1,136 +0,0 @@
-https://bugs.gentoo.org/915195
-
-From 1e1f915b73ab0895a68348ad1f96a5283a44ffd7 Mon Sep 17 00:00:00 2001
-From: Jay Satiro <raysatiro@yahoo.com>
-Date: Mon, 9 Oct 2023 17:45:07 -0400
-Subject: [PATCH] socks: return error if hostname too long for remote resolve
-
-Prior to this change the state machine attempted to change the remote
-resolve to a local resolve if the hostname was longer than 255
-characters. Unfortunately that did not work as intended and caused a
-security issue.
-
-This patch applies to curl versions 8.2.0 - 8.3.0. Other versions
-that are affected take a different patch. Refer to the CVE advisory
-for more information.
-
-Bug: https://curl.se/docs/CVE-2023-38545.html
----
- lib/socks.c             |  8 +++----
- tests/data/Makefile.inc |  2 +-
- tests/data/test728      | 64 +++++++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 69 insertions(+), 5 deletions(-)
- create mode 100644 tests/data/test728
-
-diff --git a/lib/socks.c b/lib/socks.c
-index 25a3578..3d41c93 100644
---- a/lib/socks.c
-+++ b/lib/socks.c
-@@ -588,9 +588,9 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
- 
-     /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
-     if(!socks5_resolve_local && hostname_len > 255) {
--      infof(data, "SOCKS5: server resolving disabled for hostnames of "
--            "length > 255 [actual len=%zu]", hostname_len);
--      socks5_resolve_local = TRUE;
-+      failf(data, "SOCKS5: the destination hostname is too long to be "
-+            "resolved remotely by the proxy.");
-+      return CURLPX_LONG_HOSTNAME;
-     }
- 
-     if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI))
-@@ -904,7 +904,7 @@ CONNECT_RESOLVE_REMOTE:
-       }
-       else {
-         socksreq[len++] = 3;
--        socksreq[len++] = (char) hostname_len; /* one byte address length */
-+        socksreq[len++] = (unsigned char) hostname_len; /* one byte length */
-         memcpy(&socksreq[len], sx->hostname, hostname_len); /* w/o NULL */
-         len += hostname_len;
-       }
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index 8ee1394..3e2094e 100644
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -100,7 +100,7 @@ test679 test680 test681 test682 test683 test684 test685 test686 \
- \
- test700 test701 test702 test703 test704 test705 test706 test707 test708 \
- test709 test710 test711 test712 test713 test714 test715 test716 test717 \
--test718 test719 test720 test721 \
-+test718 test719 test720 test721 test728 \
- \
- test799 test800 test801 test802 test803 test804 test805 test806 test807 \
- test808 test809 test810 test811 test812 test813 test814 test815 test816 \
-diff --git a/tests/data/test728 b/tests/data/test728
-new file mode 100644
-index 0000000..05bcf28
---- /dev/null
-+++ b/tests/data/test728
-@@ -0,0 +1,64 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+HTTP GET
-+SOCKS5
-+SOCKS5h
-+followlocation
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+# The hostname in this redirect is 256 characters and too long (> 255) for
-+# SOCKS5 remote resolve. curl must return error CURLE_PROXY in this case.
-+<data>
-+HTTP/1.1 301 Moved Permanently
-+Location: http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/
-+Content-Length: 0
-+Connection: close
-+
-+</data>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<features>
-+proxy
-+</features>
-+<server>
-+http
-+socks5
-+</server>
-+ <name>
-+SOCKS5h with HTTP redirect to hostname too long
-+ </name>
-+ <command>
-+--no-progress-meter --location --proxy socks5h://%HOSTIP:%SOCKSPORT http://%HOSTIP:%HTTPPORT/%TESTNUMBER
-+</command>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+<protocol crlf="yes">
-+GET /%TESTNUMBER HTTP/1.1
-+Host: %HOSTIP:%HTTPPORT
-+User-Agent: curl/%VERSION
-+Accept: */*
-+
-+</protocol>
-+<errorcode>
-+97
-+</errorcode>
-+# the error message is verified because error code CURLE_PROXY (97) may be
-+# returned for any number of reasons and we need to make sure it is
-+# specifically for the reason below so that we know the check is working.
-+<stderr mode="text">
-+curl: (97) SOCKS5: the destination hostname is too long to be resolved remotely by the proxy.
-+</stderr>
-+</verify>
-+</testcase>
--- 
-2.7.4
-

diff --git a/net-misc/curl/files/curl-8.3.0-CVE-2023-38546.patch b/net-misc/curl/files/curl-8.3.0-CVE-2023-38546.patch
deleted file mode 100644
index 615ab26cb2a8..000000000000
--- a/net-misc/curl/files/curl-8.3.0-CVE-2023-38546.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-https://bugs.gentoo.org/915195
-https://github.com/curl/curl/commit/61275672b46d9abb3285740467b882e22ed75da8
-
-From 61275672b46d9abb3285740467b882e22ed75da8 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 14 Sep 2023 23:28:32 +0200
-Subject: [PATCH] cookie: remove unnecessary struct fields
-
-Plus: reduce the hash table size from 256 to 63. It seems unlikely to
-make much of a speed difference for most use cases but saves 1.5KB of
-data per instance.
-
-Closes #11862
----
- lib/cookie.c | 13 +------------
- lib/cookie.h | 13 ++++---------
- lib/easy.c   |  4 +---
- 3 files changed, 6 insertions(+), 24 deletions(-)
-
-diff --git a/lib/cookie.c b/lib/cookie.c
-index 4345a84c6fd9d..e39c89a94a960 100644
---- a/lib/cookie.c
-+++ b/lib/cookie.c
-@@ -119,7 +119,6 @@ static void freecookie(struct Cookie *co)
-   free(co->name);
-   free(co->value);
-   free(co->maxage);
--  free(co->version);
-   free(co);
- }
- 
-@@ -718,11 +717,7 @@ Curl_cookie_add(struct Curl_easy *data,
-           }
-         }
-         else if((nlen == 7) && strncasecompare("version", namep, 7)) {
--          strstore(&co->version, valuep, vlen);
--          if(!co->version) {
--            badcookie = TRUE;
--            break;
--          }
-+          /* just ignore */
-         }
-         else if((nlen == 7) && strncasecompare("max-age", namep, 7)) {
-           /*
-@@ -1160,7 +1155,6 @@ Curl_cookie_add(struct Curl_easy *data,
-     free(clist->path);
-     free(clist->spath);
-     free(clist->expirestr);
--    free(clist->version);
-     free(clist->maxage);
- 
-     *clist = *co;  /* then store all the new data */
-@@ -1224,9 +1218,6 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
-     c = calloc(1, sizeof(struct CookieInfo));
-     if(!c)
-       return NULL; /* failed to get memory */
--    c->filename = strdup(file?file:"none"); /* copy the name just in case */
--    if(!c->filename)
--      goto fail; /* failed to get memory */
-     /*
-      * Initialize the next_expiration time to signal that we don't have enough
-      * information yet.
-@@ -1378,7 +1369,6 @@ static struct Cookie *dup_cookie(struct Cookie *src)
-     CLONE(name);
-     CLONE(value);
-     CLONE(maxage);
--    CLONE(version);
-     d->expires = src->expires;
-     d->tailmatch = src->tailmatch;
-     d->secure = src->secure;
-@@ -1595,7 +1585,6 @@ void Curl_cookie_cleanup(struct CookieInfo *c)
- {
-   if(c) {
-     unsigned int i;
--    free(c->filename);
-     for(i = 0; i < COOKIE_HASH_SIZE; i++)
-       Curl_cookie_freelist(c->cookies[i]);
-     free(c); /* free the base struct as well */
-diff --git a/lib/cookie.h b/lib/cookie.h
-index b3c0063b2cfb2..41e9e7a6914e0 100644
---- a/lib/cookie.h
-+++ b/lib/cookie.h
-@@ -36,11 +36,7 @@ struct Cookie {
-   char *domain;      /* domain = <this> */
-   curl_off_t expires;  /* expires = <this> */
-   char *expirestr;   /* the plain text version */
--
--  /* RFC 2109 keywords. Version=1 means 2109-compliant cookie sending */
--  char *version;     /* Version = <value> */
-   char *maxage;      /* Max-Age = <value> */
--
-   bool tailmatch;    /* whether we do tail-matching of the domain name */
-   bool secure;       /* whether the 'secure' keyword was used */
-   bool livecookie;   /* updated from a server, not a stored file */
-@@ -56,17 +52,16 @@ struct Cookie {
- #define COOKIE_PREFIX__SECURE (1<<0)
- #define COOKIE_PREFIX__HOST (1<<1)
- 
--#define COOKIE_HASH_SIZE 256
-+#define COOKIE_HASH_SIZE 63
- 
- struct CookieInfo {
-   /* linked list of cookies we know of */
-   struct Cookie *cookies[COOKIE_HASH_SIZE];
--  char *filename;  /* file we read from/write to */
--  long numcookies; /* number of cookies in the "jar" */
-+  curl_off_t next_expiration; /* the next time at which expiration happens */
-+  int numcookies;  /* number of cookies in the "jar" */
-+  int lastct;      /* last creation-time used in the jar */
-   bool running;    /* state info, for cookie adding information */
-   bool newsession; /* new session, discard session cookies on load */
--  int lastct;      /* last creation-time used in the jar */
--  curl_off_t next_expiration; /* the next time at which expiration happens */
- };
- 
- /* The maximum sizes we accept for cookies. RFC 6265 section 6.1 says
-diff --git a/lib/easy.c b/lib/easy.c
-index 16bbd35251d40..03195481f9780 100644
---- a/lib/easy.c
-+++ b/lib/easy.c
-@@ -925,9 +925,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
-   if(data->cookies) {
-     /* If cookies are enabled in the parent handle, we enable them
-        in the clone as well! */
--    outcurl->cookies = Curl_cookie_init(data,
--                                        data->cookies->filename,
--                                        outcurl->cookies,
-+    outcurl->cookies = Curl_cookie_init(data, NULL, outcurl->cookies,
-                                         data->set.cookiesession);
-     if(!outcurl->cookies)
-       goto fail;

diff --git a/net-misc/curl/files/curl-8.3.0-tests-arm-musl.patch b/net-misc/curl/files/curl-8.3.0-tests-arm-musl.patch
deleted file mode 100644
index e07c13a04766..000000000000
--- a/net-misc/curl/files/curl-8.3.0-tests-arm-musl.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-https://github.com/curl/curl/issues/11900
-https://github.com/curl/curl/commit/b226bd679a68b8bf94cbb6d58837f00251560e63
-https://github.com/curl/curl/commit/9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93
-
-From b226bd679a68b8bf94cbb6d58837f00251560e63 Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Mon, 25 Sep 2023 13:03:26 +0200
-Subject: [PATCH] configure: sort AC_CHECK_FUNCS
-
-No functional changes.
----
- configure.ac | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 2fc9f2f01783c..a6f9066a133a4 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -3583,8 +3583,10 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se
-           #include <sys/types.h>]])
- 
- 
--AC_CHECK_FUNCS([fnmatch \
-+AC_CHECK_FUNCS([\
-+  arc4random \
-   fchmod \
-+  fnmatch \
-   fork \
-   geteuid \
-   getpass_r \
-@@ -3604,7 +3606,6 @@ AC_CHECK_FUNCS([fnmatch \
-   snprintf \
-   utime \
-   utimes \
--  arc4random
- ],[
- ],[
-   func="$ac_func"
-
-From 9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93 Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Fri, 22 Sep 2023 13:58:49 +0000
-Subject: [PATCH] lib: use wrapper for curl_mime_data fseek callback
-
-fseek uses long offset which does not match with curl_off_t. This leads
-to undefined behavior when calling the callback and caused failure on
-arm 32 bit.
-
-Use a wrapper to solve this and use fseeko which uses off_t instead of
-long.
-
-Thanks to the nice people at Libera IRC #musl for helping finding this
-out.
-
-Fixes #11882
-Fixes #11900
-Closes #11918
----
- configure.ac   |  2 ++
- lib/formdata.c | 17 +++++++++++++++--
- 3 files changed, 20 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index a6f9066a133a4..5fa7c45c47430 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -3584,10 +3584,12 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se
- 
- 
- AC_CHECK_FUNCS([\
-+  _fseeki64 \
-   arc4random \
-   fchmod \
-   fnmatch \
-   fork \
-+  fseeko \
-   geteuid \
-   getpass_r \
-   getppid \
-diff --git a/lib/formdata.c b/lib/formdata.c
-index 8984b63223cc0..f370ce6854b5f 100644
---- a/lib/formdata.c
-+++ b/lib/formdata.c
-@@ -789,6 +789,20 @@ static CURLcode setname(curl_mimepart *part, const char *name, size_t len)
-   return res;
- }
- 
-+/* wrap call to fseeko so it matches the calling convetion of callback */
-+static int fseeko_wrapper(void *stream, curl_off_t offset, int whence)
-+{
-+#if defined(HAVE_FSEEKO)
-+  return fseeko(stream, (off_t)offset, whence);
-+#elif defined(HAVE__FSEEKI64)
-+  return _fseeki64(stream, (__int64)offset, whence);
-+#else
-+  if(offset > LONG_MAX)
-+    return -1;
-+  return fseek(stream, (long)offset, whence);
-+#endif
-+}
-+
- /*
-  * Curl_getformdata() converts a linked list of "meta data" into a mime
-  * structure. The input list is in 'post', while the output is stored in
-@@ -874,8 +888,7 @@ CURLcode Curl_getformdata(struct Curl_easy *data,
-                compatibility: use of "-" pseudo file name should be avoided. */
-             result = curl_mime_data_cb(part, (curl_off_t) -1,
-                                        (curl_read_callback) fread,
--                                       CURLX_FUNCTION_CAST(curl_seek_callback,
--                                                           fseek),
-+                                       fseeko_wrapper,
-                                        NULL, (void *) stdin);
-           }
-           else
-